成长值: 62800
|
题目不是很完整,答案仅供参考
( I4 r6 B4 ]9 f! b- V2 m
5 h4 r0 o4 a+ W. A; qQuestion 01:1 A" x' z# g' s' C7 ^4 C
Witch access list entry checks for an ACK within a packet header?9 r0 @. N" K, h5 u
A access-list 49 permit ip any any eq 21 tcp-ack. K+ i2 }; e8 L4 T
B access-list 49 permit tcp any any eq 21 tcp-ack4 Z7 }: T( L7 I& w0 F$ ]) l3 {
C access-list 149 permit tcp any any eq 21 established
9 B+ d4 ^, m! S6 P5 DD access-list 49 permit tcp any any eq 21 established, V5 v$ m* l: }5 L' m: H3 ]
Ans: C
. M( L7 Z! O$ ~6 O# l( j———————————————————————————
: `" ?" @1 K* s' K$ E% N- |' \, hQuestion 02:$ ?5 d3 \7 i5 j# h
Which option is one way to mitigate symmetric routing on an active/active firewall setup for TCP-based connections?
' |& W; R5 S8 Y" l8 KA performing packet captures
) X" x% r. g- w" `% w! c! {- S1 oB disabling asr-group commands on interfaces that are likely to receive asymetric traffic# T" i) S8 o" U. U% b
C replacing them with redundant routers and allowing load balancing
3 m$ ? t: J" R% l1 l; O6 uD disabling stateful TCP checks
% A; n! ?, J9 ~9 f* S& aAns: D/ e, l; w7 u: v
: U! s' Y, z% A H% a- k! ^) h
2 K3 c: O5 b; |' d5 I! O
|
|